Is this okay, like this? Okay, test. All right. What further I do? The next talk is Protecting Secrets with Hardware by Michael Schloh von Bennewitz.

Okay, folks. So I think we can start for one minute late. Sorry about that. Just to begin with, I don't see my colleagues. Anyway, I was hoping they would help me pass a couple wallets out. I don't have a good camera, so that's why I'm passing these out. Just for example, take a look, feel it in your hands. This is kind of the current status of the mechanical engineering. So maybe, can you, one there and one there or something. Yeah, this is a Monero wallet, but we'll be talking about quite a few different kinds. And with so little time, let's just get started.

There's going to be, in this half hour, hardware theory, we're going to have some device trends. So what's happening with the HWallet, what we just heard about an hour ago and a lot of other devices, which actually some of which don't have anything to do with cryptocurrency, but they all store secrets. We'll take a look at some of the lab research that's going on, that I have a personal connection to. My own lab can explain a bit about the ICs, the emerging trends there with the different elliptic curves and the different crypto models. And at the very end, we'll just do a quick development workflow for anybody who's curious about how a piece of hardware becomes reality, right?

So in theory, we need to understand a few things that most of these secret protecting hardware devices, which is the topic of this half hour presentation, they're using MCUs, these are microcontroller units as opposed to an MPU or a microprocessing unit. They're very low powered, some can work off of coin cell batteries or three or five volt USB power intake, for example. That's the first thing that we have common to all of these hardware platforms that are storing secrets for us. They almost all have on-chip program storage, which is where the firmware runs.
This is what happens when you turn the device on and the boot loader starts the next instruction at the firmware block level. Anyway, so that's on chip as far as MCUs go. We don't have a hard drive or SSD drive or external storage usually. There are some exceptions to that. We'll take a look at later on as well. All of these platforms have debug interfaces.

Everything's okay? Yes, I know. It's only 20 minutes, sorry. Okay, so I'll go even faster.

Anyway, so what we have with most of these platforms are debug interfaces, which means you can program the firmware, change the boot loader, inspect things, step through the instructions, and the last of which is that some of these platforms offer on-chip security, like the KL82 chip, which the HWallet gentleman was talking about before.

And some device trends, just to go through this quickly in a whirlwind style manner, is a Nitrokey Flip Pro. Not all of these have blockchain and cryptocurrency applications, but they do all store secrets or control access to secrets in one way or another, which makes it kind of relevant to what we do in the blockchain cryptocurrency world, right? So we've got the Digital Bitboxes, kind of an eye candy run through here. While I was compiling these photos for this presentation, I found something that I've never seen before, so I don't know if this exists. If anybody knows that Purism is or is not developing a USB key format secure something, the Librem Key is what this looks like it's called. I think many of us have seen the Mooltipass Mini. In fact, the person developing this was in Janson last year, I think giving one of the, not a keynote, but in the security dev room, he did a speech on that. Really good project. Tomu is another USB connected device, which is two-factor authentication and does quite a lot in a small package. This is complete open source. Most of these are, in fact. I'm not sure about this one if it's open source, but I thought I'd put it up anyway.
It's kind of a, they branded an HSM or a hardware security module, which is, I'm not sure. Most HSMs cost 200,000 euros, you know, they're like this, and if you tilt them one degree, then they wipe the keys. You know, this kind of crazy complex behavior. So they're kind of marketing as an HSM. We've got the Trezor, which most people know about. And Coldcard just came out a few months ago or a few, something like that. These are all cryptocurrency hardware wallets. The Ledger is quite popular as well. And like I said, all of these devices store secrets, control access to secrets, and then optionally do some things with applications on top of that. Yeah, I wanted to mention that HWallet is, I think, running on NXP microcontrollers and hardware. So I found that speech pretty interesting.

This is the project that I'm spending most of my time on. It's a Monero dedicated hardware wallet. And this is actually what's being taken pictures of, I guess, in some places. And making the rounds is just a very simple example of a PCB and the enclosure, which is in the Monero classic red, white, and gray colors that I'm passing around now. And that's what the PCB looks like. This is the advanced model. We have two. We have a legacy type and an advanced model. This is using the CEC1702 chip from Microchip, which anybody who's familiar with that knows that it gives us Ed25519 elliptic curve digital signature algorithm on chip. So there's a few different things like that. I don't want this to be too complicated.

But the one question that's important and relevant for us is what are all of these devices doing? We have this runaway kind of whiplash of presentation of all these different pictures. What they're doing is controlling access to secrets, right? They're giving us the ability to store many secrets on one device or wipe all secrets so that there's none at all. Or controlling access is the name of the game here.
The way I do that in my own laboratory environment is that I study the power circuits involved. We're going to be drawing from USB. Will USB be required? Or can we do something untethered, which would mean untethered means without any cabling, without any USB cable to provide power? And untethered, what does that mean for us? We can't do any remote blockchain transactions over USB without a tethered USB connection. So it kind of reduces the amount of application reach that we can accomplish with that. But cabling or batteries, all of these types of things are part of the research environment.

If you take a look at the devices making the rounds, I don't think you'll be able to see, you can't see on the bottom, but there are three different ways to power it. There's a coin cell battery, which we are not sure if it's going to allow for enough current to actually power the device. We haven't tested that well enough yet. There's a USB, which is a classical power intake, providing five volts of power. And then we have lithium ion or lithium polymer, JST connector, which gives us 3.7 volts of power, should be enough for no problem. So we have some options there for the untethered operation that I mentioned before.

Another thing that I like to do a lot, just like the other speaker an hour ago, is to experiment with all of the provided on-chip crypto, what some of these microcontrollers are offering. And he had better designs than I do. I guess my style is to talk about this more. But we're kind of looking at a variety of microcontrollers, for example, the nRF52840 from Nordic Semiconductor, which packages ARM's CryptoCell 310, if you're interested in the details. CryptoCell is basically a block of crypto application code provided by ARM, just the same manufacturer that provides Cortex-M and all of the other circuitries that go into all of these STM and NXP and Nordic Semiconductor chips that you buy.
Anyway, so CryptoCell is offering a lot of different algorithms, not just AES and hash algorithms, but they're doing things with ECDSA with elliptic curves as well. And so we're looking at the nRF52840. We're already working with the CEC1702 from Microchip. These are all the on-chip crypto ideas that we're having and experimenting with, researching.

Serial circuits are important when we're doing communication. So if we're going over a UART or a USB connection to exchange information with a connected host, the laptop computer, the workstation, whatever it's connected to, then we've got to understand how that works. And that changes from one chip to another as well. The NXP, which was it the last speaker, or the last two speakers ago, was saying that the Nordic chip is so useful, because it gives you Bluetooth and NFC and USB all-in-one chip. On top of that, it gives you the ARM CryptoCell. So that's very important to us to study the on-chip crypto and the serial circuitry as well.

The display circuits is what we're doing with badges a lot when we explore and try things like LED arrays or EPD, e-paper work displays. This is a bit exotic and it's very difficult to reach decisions on. EPD, for example, has a ghosting problem. So if you have some secret on the display and you turn the display off, it's possible maybe with an infrared camera to capture parts of that secret. On top of that, if you detach the power while the display is on, even without power, that display will continue displaying what it had before. So it's a really difficult problem to solve. That's why we're making very little progress with the display factor. But it's certainly one of our major research parts.

And then the human interaction, how people like to interact with a device. If they're interested in more than two buttons, the shift devices from, I'm sorry, the BitBox from Shift Devices, they've changed their name to Shift Crypto, I think.
They're using a very interesting capacitive touch button. So there's no tactile up and down clicky motion. And on top of that, with a capacitive touch, you can drill a hole inside and put a light on the bottom, a reverse-mounted LED, so that you have a nice pulsating light. And then you know exactly where to touch. So there's all of these human interaction factors, which we're doing research on, kind of comparing what others have had success with, what users like to have.

So these are, I've already mentioned, the Nordic Semiconductor, which is the third one here. I have a laser somewhere. Maybe I should get that. And then the first one, I think I put on there is the CEC, isn't it? Yeah. So the PCB that's making the rounds now, that's integrating one of these here. That's a BGA chip. It's the part that's in the middle. You'll see it on only one of them, because I flipped the PCB around on the other. If you see a small chip in the middle with lots of balls, that's going to be populated with a CEC1702, the one that gives us the Edwards and the Montgomery curves, which is what Monero needs, instead of the Koblitz ones, which is what all of the other cryptocurrencies use.

Right. So the ATECC608A is an elliptic-curve ECDSA IC, or integrated circuit, which isn't actually a microcontroller, but is useful together with a microcontroller. And since Microchip bought Atmel, what already a couple of years ago, they're making a lot of connections here. In the datasheet you'll find, for example, that you can optionally connect an ATECC508 to the top here, this microcontroller, and they work together then.

The Nordic one we talked about, it's the one as well that the gentleman talking about HWallet talked about. This is where it's packed with all of this I/O, with this USB, UART, NFC, and Bluetooth Smart. And it's a microcontroller as well. It has CryptoCell blocks inside, so you can do all kinds of crypto on-chip, which makes it useful for storing secrets.
The one thing I should mention is that there is the concept of secure storage. So if we have stored secrets, for example, in RAM, it doesn't help so much that we're doing on-chip cryptography. If we can somehow tap the RAM through a JTAG or some other debug interface, and then you just steal the secret, right? One of our jobs is to protect that secret and not just accelerate applications that use it by doing on-chip crypto. So when we talk about secure storage, not all of these platforms offer that.

The ATECC608A, all of the ATECC chips, there's a 108, there's a 508, and now there's a 608 as well. They have a form of secure storage where you can lock certain slots. It has up to 16 slots, and you can put keys in there. You can put ECDSA private keys in there, and then you lock one of the slots, and what happens when you deliver that API command to lock the slot is that internally to the chip, I don't have a good, it would be great to have an animation for this, but internally to the chip, there's a small fuse that's blown. So there's a small, not really a small, well, you know what that's like when a fuse blows, right? You won't smell any smoke. It's just too small for that. But there's an actual fuse that blows and destroys lines, which are the read lines, which means that anybody tapping onto that chip and trying to read out the secret key will just get a dead end, right? Those lines are damaged and destroyed.

After that, well, how do you use the secret key if it's locked away forever and you can't get it? You have to deliver API commands to that IC and say, for example, verify this piece of data for me. Was it signed with the secret key? So it's the IC that's doing all of the work after that. And you have to depend on the IC. You can never, again, get that secret key out of there, right? Unless you stored a copy of it somewhere else before the fact. That's another topic, backups and so on. Anyway, so that's the topic of secure storage.
And there's a variety of different ways to accomplish that. And there's things like meshes which detect intrusion when you're doing things like sulfuric acid decapsulation and then applying power. If that secure mesh is made to detect intrusion in this kind of way, then it will wipe the keys. There's lots of ways to implement secure storage. I think this one has secure storage as well. This is very similar to the second here. The STSafe, it actually didn't fit on the slide, but it's called a 100A. And yeah, so the STSafe is another IC that's very similar and it helps you by storing secrets and then giving you the crypto operations to manipulate them.

So the development workflow usually begins with compiling some requirements, knowing what your user will end up using, what they need, what they want. And I don't need to explain that. So I think I will just move to what some of these things like existing review, if you're going to make a new piece of hardware, where do you get the ideas? You know, you don't want to reinvent the wheel. You're going to mix up some different designs into a third type of design. Reference designs is what I always use from the data sheets, for example, for all of these parts. And the basic wheel, the cycle of hardware design begins with a schematic design, creating those circuits and then moving that to a layout.

I'll show quite quickly here, KiCad. This is how I think a lot of free and open source folks begin there. I won't have time to create a new schematic in circuits, but that would be a new project. Here I have a schematic of what you're holding in your hands there, the demonstration device that's making the rounds. So that's the microcontroller in the middle. As you can imagine, this is the largest piece. We have our two displays down here, only one of which is applied at any one time. And we have things like power and USB up there. And that's what we consider a schematic.
This is describing how all of the parts are connected together and what lines are maybe not connected at all or how they're connected together. And so what we have after the schematic design is a layout. How do we go to that? This is what the layout looks like. And this starts to resemble the PCB very much, the one that you're holding in your hands. So you can kind of see what that looks like. If we zoom in the middle here, this is where all those balls are. And you can see on one of those two PCBs, the small chip in the middle, and that's what it looks like. And the way I made that cool design is that I just made a 3D representation of it. And this way you can really kind of spin this around and see, isn't that great? Yeah, the maintainer of KiCad was just speaking in the CAD room. So they're doing a great job. So let's go back.

Parts, sometimes you get some of these designs, and there's a lot of equivalent parts that you can use, cheaper ones or more modern ones or ones that are going to be supported longer. So that's one thing I do, is I use tools like Octopart, for example, to see where I can get the largest amount of parts. There's a lot of considerations. Price as well, for example. Create a bill of materials so that other people can understand what you're making. If you have an open source design, it's always nice to know that people can copy your design and change it or combine it or give you feedback as well. This is wrong, this won't work as well. Yeah, and to understand which of the parts that you're using are NDA unencumbered because I think everyone here understands that freedom is not optional, right? You don't want to sell your soul to a manufacturer and then no longer be able to release open source. And that's what NDAs cause this type of problems. NDA stands for non-disclosure agreements. So this is all about parts and parts selection. It's actually my least favorite thing to go shopping for parts.
I spend days sometimes trying to find good prices. I fly to Shenzhen, like I think most people do when you get involved enough in all of this. And then anyway, at the end of this is all manufacturing and so you're developing relationships and figuring out which manufacturers can produce what for you, different colored silk screens or different layers for the same price, et cetera, et cetera. There's a few in Europe that are doing good jobs for us nowadays.

Anyway, so the materials is quite simple. I think I can do a quick demonstration of that as well. So we're using FreeCAD for our enclosure design. Once I start that, it takes a while to start. But yeah, the materials engineering just means what kind of material are you going to use? ABS or PLA or PLA gives you the option to do 3D printing at house, for example, with a bunch of printers that you own, for example, or PC polycarbonate, which is very... It's impact-proof and so on. So this is kind of... If it ever shows up, it always takes a while on my computer. Yeah, so that's the... That's the... Okay. Oh, questions is important. And I think that was the... Production is the last slide. So then we have packaging, distribution, the things that you can expect, artwork, and so on. And that was it.

Right, so this wraps up our presentation. And these are the topics that we covered. I don't know if you have questions about any of these things or about the devices that are making the rounds. There are some devices that we can plug in in the front and they work, but there's no time for that. So welcome. Any other questions? Yeah, over there, coming.

Not really a question. Just a comment about the Purism key. It does exist. It's practically though provided by Nitrokey. So it's practically a Nitrokey with Purism.

I thought so. I know the guys at Nitrokey and I know that they're working with a lot of other groups. And now, thanks for confirming that. Any other questions before we wrap up?
So the question is, who is we if I'm speaking about our lab and our operations and the way that we work and so on? It's a very loosely held and distributed group of Monero enthusiasts. So it's mostly Monero, what I'm talking about when I say we. It's my colleagues at Monero. We meet regularly and there's a very few amount of people that are actually actively almost daily producing hardware designs. It's mostly me actually. So sometimes it's just me, but I say we anyway to produce a community atmosphere. And often it includes a few other people that are giving feedback or helping in some kind of way. And do we have time for one more? Or no? Other questions? Somebody? No? Yes.